Bug 122149 - RFE: Yum should default to checkgpg=1
RFE: Yum should default to checkgpg=1
Product: Fedora
Classification: Fedora
Component: yum (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jeff Johnson
: FutureFeature
Depends On:
  Show dependency treegraph
Reported: 2004-04-30 18:01 EDT by William Hooper
Modified: 2014-01-21 17:49 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-05-04 09:31:40 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description William Hooper 2004-04-30 18:01:40 EDT
To be consistent with up2date, yum should be configured OOTB to check
GPG keys.
Comment 1 Seth Vidal 2004-04-30 20:56:53 EDT
This is me giving the big non-committal shrug.

if that's what red hat wishes to do with the fedora package of yum
that's fine by me.

it's a config file change.
Comment 2 Alan Cox 2004-05-02 18:26:28 EDT
I definitely think it should default safe. Even if it then points the
user at a URL about keys and stuff, it should stop errors first IMHO
Comment 3 Jeff Johnson 2004-05-04 09:31:40 EDT
While I agree the default should be "safe", I see no
reason to diverge from upstream. yum is installing packages well,
adding key ring management to that task will decrease reliability.
Comment 4 William Hooper 2004-05-04 10:40:21 EDT
I'm not sure I understand Comment #3.  Yum already has GPG key
checking included (via the RPM database, like up2date), it is just not
configured to use it by default.
Comment 5 Seth Vidal 2004-05-04 22:14:13 EDT
I'm fine with gpgcheck=1 being on in yum. Installing keys is not
difficult, there are LOTS of instructions for how to do it and yum
exits reasonably nicely with an error about how the user should either
install the right keys or disable gpgcheck=1.

I agree that gpgchecks are a good idea, I'm just not sure how much
they matter considering users don't pay attention to them anyway..

Note You need to log in before you can comment on or make changes to this bug.